How to install and secure phpMyAdmin on Centos 7

phpMyAdmin is a free and open source administration tool for MySQL and MariaDB. As a portable web application written primarily in PHP, it has become one of the most popular MySQL administration tools, especially for web hosting services.

Features provided by the program include:

  • Web interface
  • MySQL and MariaDB database management
  • Import data from CSV and SQL
  • Export data to various formats: CSV, SQL, XML, PDF ,Spreadsheet, Word, Excel, LaTeX. and others
  • Administering multiple servers
  • Creating PDF graphics of the database layout
  • Creating complex queries using Query-by-example (QBE)
  • Make complex SQL queries easier.

Requirments

You need LAMP stack installed and configured if you don’t follow the instructions in the link below:

How to install LAMP (Apache, MySQL, PHP) stack on CentOS 7

Install phpMyAdmin

phpMyAdmin is not provided by the official repository, so you have to add “EPEL” repository in order to install the latest version.

Add EPEL repository

You can easily install EPEL using “yum”:

yum install epel-release

Installing the phpMyAdmin

Now you can install the phpMyAdmin package with the command below:

yum install phpmyadmin

After the installation is finished, you can start with phpMyadmin right away using the following address:

http://PUBLIC_IP_DOMAIN/phpmyadmin

Securing the phpMyAdmin

Installing phpMyAdmin allowing you to easily access your MySQL database over the internet which is really handy but it can be a security flaw if you don’t limit the access to it.

In the following sections, we are going to set up some of the most important security methods to prevent bots and attackers from targeting your database:

1. Disable root Login

In this section, we are going to forbid the root login from phpMyAdmin.(it’s recommended to disable your root login from MySQL as well)

Open your phpMyAdmin global configuration with your text editor:

nano /etc/phpMyAdmin/config.inc.php

Find the following line:

$cfg['Servers'][$i]['AllowRoot'] = TRUE;

and change it like below:

$cfg['Servers'][$i]['AllowRoot'] = FALSE;

Save and exit.

2. Change the Alias

You can make your phpMyAdmin run with another Alias so the attackers or bots can’t find your login page,

Open the “phpMyAdmin.conf” file with the command below:

nano /etc/httpd/conf.d/phpMyAdmin.conf

Find the following lines:

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

Comment them both with “#”

#Alias /phpMyAdmin /usr/share/phpMyAdmin
#Alias /phpmyadmin /usr/share/phpMyAdmin

Then add the following line under the commented lines (Replace the red part with your preferred alias):

Alias /myownalias /usr/share/phpMyAdmin

Save and exit.

Restart Apache service to take effect:

systemctl restart httpd

Now your phpMyAdmin is accessible using:

http://PUBLIC_IP_DOMAIN/myownalias

3. Protect with HTTP authentication

The next security layer we want to add is a web server authentication prompt that a user should pass before seeing the phpMyAdmin login page.

This ability is provided by Apache itself, you just need to install “httpd-tools” with the command below:

yum install httpd-tools

Then open the “phpMyAdmin.conf” in your text editor:

nano /etc/httpd/conf.d/phpMyAdmin.conf

Add the red part within the “/usr/share/phpMyAdmin” directive like below:

<Directory /usr/share/phpMyAdmin/>
AllowOverride All
<IfModule mod_authz_core.c>
. . .
</Directory>

This will allow us to add some configuration to a file called “.htaccess”

Now you need to create the “.htaccess” file:

nano /usr/share/phpMyAdmin/.htaccess

Paste the following lines into the file then save and exit:

AuthType Basic
AuthName "Admin Login"
AuthUserFile /etc/httpd/pma_pass
Require valid-user

Next, we are going to create a password file for authentication with the command below:

htpasswd -c /etc/httpd/pma_pass username

Enter your preferred password upon prompt.

Finally, restart your Apache service with the command below to take effect:

systemctl restart httpd
Was this answer helpful? 0 Users Found This Useful (0 Votes)